"The disks contained patient names, diagnosis, name of surgical procedure, and the surgeon, and most contained patient social security numbers as well, Emory said in a statement," Infosecurity reports. "The patients were treated at Emory University Hospital, Emory University Hospital Midtown, and the Emory Clinic Ambulatory Surgery Center between September 1990 and April 2007."

"Based on an internal investigation, Emory Healthcare officials believe the disks were removed sometime between Feb. 7 and Feb. 20," writes WSBTV's Erica Byfield. "Fox said the employee who had the information did not properly secure it but will not face any disciplinary actions."

"All affected patients will be provided access to identity protection services, including credit monitoring, at Emory’s expense, he added," writes Atlanta Business Chronicle's Urvaksh Karkaria. "Patients are being informed through letters delivered to their homes."